p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
900 Commits 31 Branches 0 Tags 47 MiB
Commit Graph

116 Commits

Author SHA1 Message Date
Vakaris 592dd27d91 Added functions get_monkey_paths and run_backup_commands 2018-08-28 20:51:25 +03:00
Vakaris bd8423216b Changed constructor to have default paths set to None for convienience 2018-08-23 18:35:30 +03:00
Vakaris 3e7d7425e4 made get_exploit_config non-static for readability 2018-08-22 16:01:16 +03:00
Vakaris e1b1236fb3 Comments and CR notes fixed 2018-08-22 13:41:17 +03:00
Vakaris eae3f3440d Refactored exploit_host and added get_exploit_config 2018-08-22 13:33:36 +03:00
Vakaris 911404ef68 Implemented default_exploit_host method that can implement whole framework's workflow according to some flags/params 2018-08-21 12:34:59 +03:00
Vakaris e3d286dbc0 Minor bugfix for error handling in new custom monkey destination paths feature 2018-08-18 13:14:05 +03:00
Vakaris 5565a80418 Web_RCE framework now supports custom monkey uploading paths( we don't always have permissions to uppload to C:\Windows) 2018-08-17 13:53:09 +03:00
Vakaris b8bda692b9 Notes fixed v.2 2018-08-15 16:01:27 +03:00
Vakaris 0d45a44d6b Final, tested framework fixes 2018-08-10 15:07:56 +03:00
Vakaris 5232d84e06 Almost all notes fixed, but nothing tested. 2018-08-09 16:52:15 +03:00
Vakaris d1a29872c4 Fixed half of the notes and added a small tcp_port_to_service method in network/tools 
no message
 2018-08-09 12:13:44 +03:00
Vakaris 8e684a3fad Bugfix: model.__init__ changed( I forgot to add the file to the branch) and server lock is not a singleton anymore 2018-08-07 17:44:31 +03:00
Vakaris 3f8d63c2d9 Timeout of joining set to 5 seconds. No use of waiting for another thread to stop. We can run our program while the thread stops 2018-08-04 13:01:19 +03:00
Vakaris 40957f865c Struts2 compatability fix 2018-07-19 13:04:52 +03:00
Vakaris 68d949c655 Web RCE framework core files/changes 2018-07-19 12:33:44 +03:00
Daniel Goldberg 3e1edeac61
Merge pull request #156 from VakarisZ/dropper_samefile_fix 
Dropper bug fix
 2018-07-18 20:53:52 +03:00
Vakaris d78e81db06 Changed to a better file comparison function 2018-07-18 20:48:15 +03:00
Vakaris dfecc6d6ac os.path.samefile does not work on windows. My code checks if files handlers are the same instead 2018-07-18 12:44:19 +03:00
Daniel Goldberg d853e02693 Remove FTP server from infra 
New FTP server will come from pyftp
 2018-07-17 13:08:08 +03:00
Daniel Goldberg f98a121c51
Merge branch 'develop' into master 2018-07-09 18:53:43 +03:00
Daniel Goldberg 35b535f97a Removed hard coded debug address and replaced with non routable IP 2018-07-08 12:14:45 +03:00
Vakaris c278b0a29c Small changes 2018-06-26 18:03:31 +03:00
Vakaris 6a37f2b953 removed debugging code 2018-06-25 19:11:58 +03:00
Vakaris 671452243d Fixed some bugs and more notes 2018-06-25 18:26:34 +03:00
Vakaris 81712ddbf0 Merge branch 'struts2RCE' of https://github.com/VakarisZ/monkey into struts2RCE 2018-06-22 14:57:04 +03:00
Vakaris 7ce790affa Some notes fixed 2018-06-22 14:55:52 +03:00
Daniel Goldberg d510476658
Merge branch 'develop' into struts2RCE 2018-06-21 13:23:12 +03:00
Daniel Goldberg f55133e8c1
Merge pull request #142 from guardicore/feature/MSSQL_fingerprint 
Feature/mssql fingerprint
 2018-06-21 11:46:21 +03:00
Vakaris 208411d6fc Cosmetic changes 2018-06-21 00:10:56 +03:00
Vakaris ef6c512ea9 Finished up exploitation and added reporting 2018-06-20 22:35:18 +03:00
Vakaris 2d27972e7e Struts exploitation working, and tested with win-64 and ubuntu 2018-06-20 16:58:20 +03:00
Vakaris 413bdd9254 Not yet functioning and tested, but most functions are done 2018-06-19 18:08:52 +03:00
Vakaris 9a8a6c6e28 Now exploiting both win and linux. Also, added check if monkey is not already present 2018-06-19 18:05:09 +03:00
Itay Mizeretz 20d4b3a642 Fix default config values 2018-06-13 16:05:12 +03:00
maor.rayzin db6f44109b * Responding to the PR comments with the logs and usage changes. 2018-06-12 16:29:27 +03:00
maor.rayzin d312a3a771 * Changed name from MSSQLFingerprint to MSSQLFinger to match convention. 
* Added UI support for the new fingerprint in Monkey Island.
* UI supports includes writing up MSSQL as a service under node's
  services list.
 2018-06-12 13:26:28 +03:00
maor.rayzin fe1f6d67e5 Merge branch 'develop' into feature/MSSQL_fingerprint 2018-06-11 20:19:12 +03:00
maor.rayzin 1272700fe5 * Added an author mark and updated docs 
* Changed the module to use the VictimHost object as host
* added True\False return statements.
 2018-06-09 20:02:18 +03:00
maor.rayzin fadafdbd3a Updated the config files to default include the mssql fingerfrint class: MSSQLFingerprinter, in the monkey's configuration. 2018-06-09 18:23:54 +03:00
maor.rayzin d4c1871f87 Implemented the first draft of the mssql fingerprint class 
Every line of code is documented and straight forward.
 2018-06-09 18:23:08 +03:00
maor.rayzin 8b22a52006 Added the mssql finger class to the main network init file so it will be usable. 2018-06-09 18:16:39 +03:00
maor.rayzin 293c204ddd Created the MSSQL_fingerprinter branch, 
added the fingerprint class WIP.
 2018-06-09 17:51:46 +03:00
Daniel Goldberg ecdd2e8762
Merge branch 'develop' into SSH_key_stealing 2018-06-05 16:59:28 +03:00
Vakaris 0503f90168 Notes fixed 2018-06-04 12:07:10 +03:00
Daniel Goldberg c7ed02b98e Bugfix, run Shellshock attack as dropper rather than monkey 2018-05-31 15:38:54 +03:00
Vakaris 30a3bbf9a0 Exploitation of machines using ssh keys added. Also, added shh keys exploitation to report 2018-05-29 01:02:49 +03:00
Vakaris f45cebfd5e Does not store encrypted or already present ssh keys, shows all users from whom SSH private key were stolen under "stolen credentials" in report 2018-05-25 01:34:24 +03:00
Vakaris 4197ab12a3 SSH keys are now encrypted and added to database 2018-05-24 16:59:22 +03:00
Daniel Goldberg ee835d51b0 Remove Monkey testing code, dead code as it is. 2018-05-23 15:22:27 +03:00